1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-16 11:52:40 +01:00
Commit graph

8535 commits

Author SHA1 Message Date
epriestley
e8c490958c Stop writing new TYPE_PROJECTS transactions to Maniphest
Summary:
Ref T5245. We'll still display the old ones, but write real edge transactions now -- not TYPE_PROJECTS transactions.

Some code remains to show the existing transactions. The next diff will modernize the old transactions so we can remove this code.

Test Plan:
  - Previewed a project-editing comment.
  - Submitted a project-editing comment.
  - Edited a task's projects.
  - Batch edited a task's projects.

Reviewers: joshuaspence, chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5245

Differential Revision: https://secure.phabricator.com/D9852
2014-07-17 15:43:40 -07:00
epriestley
b8b59895ee Stop reads and writes to projectPHIDs property on ManiphestTask
Summary: Ref T5245. This property predates edges and is unusual in modern applications. Stop writes to it and populate it implicitly from edges when querying.

Test Plan:
  - Viewed task list.
  - Created a task.
  - Added and removed projects from tasks.

Reviewers: joshuaspence, chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5245

Differential Revision: https://secure.phabricator.com/D9851
2014-07-17 15:42:53 -07:00
epriestley
aa79539789 Move task/project storage to edges
Summary: Ref T5245. This moves the actual storage over and stops reads and writes to the old table.

Test Plan:
  - Verified tasks retained projects across the migration.
  - Added and removed projects from tasks.
  - Searched for: all, any, users' projects, not-in-projects, no-projects.

Reviewers: chad, btrahan, joshuaspence

Reviewed By: joshuaspence

Subscribers: epriestley

Maniphest Tasks: T5245

Differential Revision: https://secure.phabricator.com/D9850
2014-07-17 15:42:30 -07:00
epriestley
33120e377a Modernize Project/Object edges
Summary: Ref T5245. Updates the project/object edge to use a modern class definition. Moves further toward real edges.

Test Plan: Added projects to some objects, viewed transactions in transaction record.

Reviewers: chad, btrahan, joshuaspence

Reviewed By: joshuaspence

Subscribers: epriestley

Maniphest Tasks: T5245

Differential Revision: https://secure.phabricator.com/D9849
2014-07-17 15:42:19 -07:00
epriestley
d4b2bfa2f4 Modernize commit/edge transaction when parsing commit messages
Summary: Ref T5245. With work elsewhere (notably, D9839) we can remove this TODO and use real transactions.

Test Plan: Pushed a `closes Txxx` commit and got a close + transaction.

Reviewers: chad, btrahan, joshuaspence

Reviewed By: joshuaspence

Subscribers: epriestley

Maniphest Tasks: T5245

Differential Revision: https://secure.phabricator.com/D9848
2014-07-17 15:42:06 -07:00
epriestley
b32313cc85 Use PhabricatorEdgeType strings when rendering transactions
Summary:
Ref T5245. This hooks up the translation/rendering methods added previously.

These are messy, but now extractable/translatable.

Test Plan: Viewed edge transactions and stories, saw correct strings.

Reviewers: chad, btrahan, joshuaspence

Reviewed By: joshuaspence

Subscribers: epriestley

Maniphest Tasks: T5245

Differential Revision: https://secure.phabricator.com/D9841
2014-07-17 15:41:54 -07:00
epriestley
8cbfb49b4e Remove all edge events
Summary:
Ref T5245. These were a bad idea.

We no longer need actors for edge edits either, so remove those. Generally, edges have fit into the policy model as pure/low-level infrastructure, and they do not have any policy or capability information in and of themselves.

Test Plan: `grep`

Reviewers: chad, btrahan, joshuaspence

Reviewed By: joshuaspence

Subscribers: epriestley

Maniphest Tasks: T5245

Differential Revision: https://secure.phabricator.com/D9840
2014-07-17 15:41:42 -07:00
epriestley
533e799c5f Modernize task/revision edges and write inverse transactions
Summary:
Ref T5245. See some discussion in D9838.

When we attach object A to object B, we'd like to write transactions on both sides but only write the actual edges once.

To do this, allow edge types to `shouldWriteInverseTransactions()`. When an edge type opts into this, have editors apply the inverse transactions before writing the edge. These inverse transactions don't actually apply effects, they just show up in the transaction log.

Test Plan: Attached and detached revisions from tasks, saw transactions appear on both sides of the operation.

Reviewers: chad, btrahan, joshuaspence

Reviewed By: btrahan, joshuaspence

Subscribers: epriestley

Maniphest Tasks: T5245

Differential Revision: https://secure.phabricator.com/D9839
2014-07-17 15:41:08 -07:00
epriestley
ace1feb702 Implement PhabricatorApplicationTransactionInterface on ManiphestTask
Summary:
Ref T5245. A very long time ago I had this terrible idea that we'd let objects react to edges being added and insert transactions in response.

This turned out to be a clearly bad idea very quickly, for like 15 different reasons. A big issue is that it inverts the responsibilities of editors. It's also just clumsy and messy.

We now have `PhabricatorApplicationTransactionInterface` instead, which mostly provides a cleaner way to deal with this.

Implement `PhabricatorApplicationTransactionInterface`, implicitly moving all the attach actions (task/task, task/revision, task/commit, task/mock) to proper edge transactions.

The cost of this is that the inverse edges don't write transactions -- if you attach an object to another object, only the object you were acting on posts a transaction record. This is sort of buggy anyway already. I'll fix this in the next diff.

Test Plan: Attached tasks, revisions and mocks to a task, then detached them.

Reviewers: chad, btrahan, joshuaspence

Reviewed By: joshuaspence

Subscribers: epriestley

Maniphest Tasks: T5245

Differential Revision: https://secure.phabricator.com/D9838
2014-07-17 15:40:52 -07:00
epriestley
7afb770cbe Make edge types modular
Summary:
Ref T5245. I want to add a new capability to edge types, which is a good opportunity to move away from `PhabricatorEdgeConfig`, which isn't modular.

This is basically the same as the modularization of PHID types, which has worked well. Add `PhabricatorEdgeType` and provide an adaption layer for the existing code.

This has no runtime changes, except the fixed edge constant.

Test Plan: Ran `var_dump(PhabricatorEdgeType::getAllTypes())` and got reasonable looking output.

Reviewers: chad, btrahan, joshuaspence

Reviewed By: joshuaspence

Subscribers: epriestley

Maniphest Tasks: T5245

Differential Revision: https://secure.phabricator.com/D9837
2014-07-17 15:40:37 -07:00
epriestley
7deec8208f Make Maniphest project edits more transaction-oriented
Summary: Ref T5245. Currently, task/project links rely on side effects in `save()`. Make them more transaction-oriented, with the goal of moving fully to edges a few diffs down the line.

Test Plan:
  - Added and removed projects using "Edit Task", "Associate Projects" comment action, and Herald.
  - Verified database ended up in the expected state.

Reviewers: chad, btrahan, joshuaspence

Reviewed By: joshuaspence

Subscribers: epriestley

Maniphest Tasks: T5245

Differential Revision: https://secure.phabricator.com/D9833
2014-07-17 15:40:19 -07:00
epriestley
ca83e4c6a8 Adjust Phriction remarkup rule priority
Summary: Fixes T5645. See D9964.

Test Plan:
Accurate link for `[[ xyz | T25 ]]`.

Here are the priorities:

```
0 PhutilRemarkupRuleEscapeRemarkup
100 PhutilRemarkupRuleMonospace
150 PhutilRemarkupRuleDocumentLink
175 PhrictionRemarkupRule
200 HarbormasterRemarkupRule
200 PhabricatorRemarkupRuleEmbedFile
200 DivinerRemarkupRuleSymbol
200 PhabricatorCountdownRemarkupRule
200 LegalpadDocumentRemarkupRule
200 PhabricatorRemarkupRuleMeme
200 PassphraseRemarkupRule
200 PhabricatorRemarkupRuleIcon
200 SlowvoteRemarkupRule
200 HeraldRemarkupRule
200 PhabricatorPasteRemarkupRule
200 ProjectRemarkupRule
200 DiffusionCommitRemarkupRule
200 DiffusionRepositoryRemarkupRule
200 DifferentialRemarkupRule
200 PonderRemarkupRule
200 ManiphestRemarkupRule
200 PhabricatorDashboardRemarkupRule
200 PholioRemarkupRule
350 PhabricatorRemarkupRuleYoutube
350 DoorkeeperRemarkupRuleAsana
350 DoorkeeperRemarkupRuleJIRA
400 PhutilRemarkupRuleHyperlink
500 CustomInlineCodeRule
500 CustomInlineJIRA5Rule
500 PhabricatorRemarkupRuleImageMacro
500 PhabricatorRemarkupRuleMention
1000 PhutilRemarkupRuleBold
1000 PhutilRemarkupRuleUnderline
1000 PhutilRemarkupRuleDel
1000 PhutilRemarkupRuleItalic
```

Reviewers: btrahan, joshuaspence

Reviewed By: joshuaspence

Subscribers: epriestley

Maniphest Tasks: T5645

Differential Revision: https://secure.phabricator.com/D9965
2014-07-17 14:49:11 -07:00
epriestley
6bf4ec97d5 Fix HTTP 400 from notification server for JSON subscription objects
Summary: Fixes T5651. Sometime we'll send an object to the notification server for `subscribers`, which it will choke on. Use `array_values()` to make sure we're sending an array.

Test Plan: With `(object)` instead, got a consistent error ("no .filter method on object"). With `array_values()`, no error.

Reviewers: joshuaspence

Reviewed By: joshuaspence

Subscribers: epriestley

Maniphest Tasks: T5651

Differential Revision: https://secure.phabricator.com/D9963
2014-07-17 14:48:54 -07:00
epriestley
ab3c17a2cd Emit more usable results from phrequent.tracking
Summary:
I think this pretty much does what you would expect?

The "active" item is always at the top of the stack.

Test Plan: Called `phrequent.tracking` and got reasonable results.

Reviewers: hach-que

Reviewed By: hach-que

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9939
2014-07-16 17:12:38 -07:00
Joshua Spence
ae97617e36 Reformat README as Remarkup
Summary: We have Remarkup, so why not use it?

Test Plan: See D9946.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9948
2014-07-16 22:10:36 +10:00
Joshua Spence
13590b9e3d Rename the support/jshint directory.
Summary: It is somewhat overkill to use an entire directory for a single file (the configuration file for JSHint). Instead, rename the directory so that it could (theoretically) be used for other linter configuration files.

Test Plan: Ran `arc lint -- webroot/rsrc/js/core/phtize.js` just to make sure everything still works.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9944
2014-07-16 22:07:55 +10:00
Joshua Spence
d8bf7172b7 Minor change to the Celerity map formatting
Summary: Add a new line for clarity.

Test Plan: Inspected `./resources/celerity/map.php`.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9931
2014-07-16 11:29:06 +10:00
Joshua Spence
24d4764347 Minor fix for CelerityManagementMapWorkflow
Summary: `phutil_var_export` only accepts a single parameter. This bug was introduced in D9926.

Test Plan: Eye-ball it.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9930
2014-07-16 11:28:36 +10:00
Evan Priestley
7ac5abb979 Recover from a broken external OAuth2 account
Summary: Currently, the external accounts page can die in a fire if an OAuth2 link is bad. Instead of exploding, just fail the specific link.

Test Plan: Faked an error and got "invalid token" instead of an exception.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9937
2014-07-15 13:39:56 -07:00
Ben Alpert
1fc324066c Return repositoryPHID from differential.query
Test Plan: Queried a revision that had a repository attached, got the PHID; queried one that didn't, got null.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9928
2014-07-14 15:00:18 -07:00
Joshua Spence
7c71e1aefa Use phutil_var_export in CelerityManagementMapWorkflow
Summary: `phutil_var_export` produces more readable output than `var_export`. Depends on D9923.

Test Plan: Eye-balled the Celerity map.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9926
2014-07-15 01:33:33 +10:00
Chad Little
d18f4eb39e Add 4 more project icons
Summary: Adds 4 more icons.

Test Plan: Tested editing a project

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9919
2014-07-13 10:18:48 -07:00
epriestley
643c1c4a52 Update Stripe PHP API
Summary: Ref T2787. This brings us up to date.

Test Plan: `git clone`

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T2787

Differential Revision: https://secure.phabricator.com/D9916
2014-07-13 09:19:07 -07:00
epriestley
3a59cff7e6 Update Phortune UI elements
Summary:
Ref T2787. Update some of the UI elements used by Phortune. Mostly gets rid of the old blue headers.

Also adds some sweet art.

Test Plan: Poked aroudn Phortune.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T2787

Differential Revision: https://secure.phabricator.com/D9915
2014-07-13 09:18:50 -07:00
epriestley
66a30ef97b Fix issue in Mercurial repos with duplicate branch heads
Summary:
Fixes T5613. A branch may have multiple heads in Mercurial, but `executeOne()` expects exactly one result.

Load them all instead. Equivalently, we could `limit(1)`, but it's likely that we'll use the cursors in the future to reduce the number of VCS operations we do, so this is probably a little more along the lines where we're headed.

Test Plan: Poked around some repos.

Reviewers: chad, richardvanvelzen

Reviewed By: richardvanvelzen

Subscribers: epriestley

Maniphest Tasks: T5613

Differential Revision: https://secure.phabricator.com/D9918
2014-07-13 06:55:04 -07:00
James Rhodes
9cb6b2cfcc Remove user-independent date and time functions from Phabricator
Summary: These have been moved into libphutil.

Test Plan: Browsed Phabricator, didn't see a crash.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9907
2014-07-13 12:03:17 +10:00
epriestley
ca6b3a632d Remove uniqueness constraint from "sequence" key in project column table
Summary: Fixes T5611. We don't need sequences to be unique, and it makes it a pain to update them.

Test Plan: Dragged some columns around.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5611

Differential Revision: https://secure.phabricator.com/D9914
2014-07-12 11:24:35 -07:00
Joshua Spence
e495ce496b Fix various spelling mistakes
Summary: Minor change, self-explanatory.

Test Plan: Eye-ball it

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9911
2014-07-13 00:45:33 +10:00
epriestley
ae263ddde5 Show a better message for empty repositories and invalid branches
Summary:
Ref T1493.

  - When viewing an invalid branch, show a "there is no such branch" message.
  - When viewing an empty repository, show a "this repository is empty" message.

Test Plan:
  - Viewed empty, bad branch, and nonempty in Git.
  - Viewed empty, bad branch, and nonempty in Mercurial.
  - Viewed empty and nonempty in Subversion.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T1493

Differential Revision: https://secure.phabricator.com/D9912
2014-07-12 07:05:19 -07:00
Michael Peters
17badfacac Fix PhabricatorProjectCustomFields to use storage correctly.
Summary: Prevents infinite recursion when trying to save custom fields on projects.

Test Plan: Add a custom field (that is a class, not one configured in the UI) to a project, and try to save it.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Projects: #phabricator

Maniphest Tasks: T5606

Differential Revision: https://secure.phabricator.com/D9908
2014-07-11 20:20:37 -07:00
epriestley
b7a970598d Allow board columns to be reordered
Summary: Fixes T4567. This isn't going to win design awards and we have some leaky CSS, but it works fine.

Test Plan: {F176743}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4567

Differential Revision: https://secure.phabricator.com/D9905
2014-07-11 19:27:07 -07:00
James Rhodes
2101c3b689 Conduit APIs to start and stop tracking time in phrequent
Summary:
This adds methods to start and stop tracking any arbitrary PHID in phrequent. Currently, this uses copy-pasted code from PhrequentTrackController. I had to do this because the code to start/stop was not abstracted into a common class.

Once the code to start/stop working is extracted into a re-usable class, the conduit API can use this as well.

Test Plan: I called the functions with a PHID of a task and ensured that the fields in the phrequent database table was being updated correctly.

Reviewers: skyronic, #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: maxhodak, erik.fercak, aran, epriestley, Korvin

Maniphest Tasks: T3569, T3970

Differential Revision: https://secure.phabricator.com/D7326
2014-07-12 11:42:32 +10:00
Joshua Spence
9a679bf374 Allow worker tasks to have priorities
Summary: Fixes T5336. Currently, `PhabricatorWorkerLeaseQuery` is basically FIFO. It makes more sense for the queue to be a priority-queue, and to assign higher priorities to alerts (email and SMS).

Test Plan: Created dummy tasks in the queue (with different priorities). Verified that the priority field was set correctly in the DB and that the priority was shown on the `/daemon/` page. Started a `PhabricatorTaskmasterDaemon` and verified that the higher priority tasks were executed before lower priority tasks.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T5336

Differential Revision: https://secure.phabricator.com/D9871
2014-07-12 03:02:06 +10:00
Chad Horohoe
66a3abe058 Make it possible to configure Elasticsearch index name
Summary:
Similar to storage.default-namespace sometimes during development you'll want
to handle multiple indexes alongside one another. Rather than hardcoding the
/phabricator/ index make this exposed in new search.elastic.index setting,
defaulting to the existing "phabricator"

Test Plan:
Existing installations should be unaffected by this change. Changing the new
setting will result in new indexes being created when someone runs
`./bin/search index` again

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: 20after4, rush898, epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9798
2014-07-10 18:41:05 -07:00
epriestley
793eced32d Modernize "projects" typeahead datasource
Summary: Ref T4420. Update "projects" source.

Test Plan:
- Edited projects on a Differential revision.
- Edited projects on a commit.
- Edited projects on a repository.
- Edited projects in feed search.
- Edited projects in a Herald rule field.
- Edited projects in a Herald rule action.
- Edited projects in Maniphest batch editor.
- Edited projects on Maniphest task.
- Edited projects in "Associate Projects..." action in Maniphest.
- Edited projects on Maniphest search in "all projects", "any project" and "not projects" fields.
- Edited projects on a Paste.
- Edited projects on a Pholio mock.
- Edited projects on a custom policy rule.
- Edited projects on a Ponder question.
- Edited projects on a Diffusion search query.
- Edited projects on a global search query.
- Edited projects on a slowvote.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4420

Differential Revision: https://secure.phabricator.com/D9884
2014-07-10 17:28:29 -07:00
Bob Trahan
fc36ec0da1 Maniphest - add 'upforgrabs' hint in bulk editor
Summary: change typeahead placeholder to include 'or "upforgrabs" to unassign...' Fixes T2267. Well, makes it as good as its going to be until we get some new space age UI.

Test Plan: new text looks okay-ish

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T2267

Differential Revision: https://secure.phabricator.com/D9882
2014-07-10 17:18:00 -07:00
epriestley
6eb879210a Modernize "owners" datasource
Summary: Ref T4420. Update owners.

Test Plan:
  - Used typeahead from Herald.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4420

Differential Revision: https://secure.phabricator.com/D9880
2014-07-10 16:21:21 -07:00
epriestley
e9dbe747ff Modernize "arcanist project" datasource
Summary: Ref T4420. Do arc projects.

Test Plan:
  - Used Herald typeahead.
  - Used Repositories typehaead.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4420

Differential Revision: https://secure.phabricator.com/D9879
2014-07-10 16:21:10 -07:00
epriestley
dba4865681 Modernize "build plans" typeahead datasource
Summary: Ref T4420. Modernize build plans.

Test Plan:
  - Used build plan typeahead in Harbormaster.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4420

Differential Revision: https://secure.phabricator.com/D9878
2014-07-10 16:20:58 -07:00
epriestley
4759f3f897 Modernize "task priority" datasource
Summary: Ref T4420.

Test Plan:
  - Used typeahead in Herald rules.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4420

Differential Revision: https://secure.phabricator.com/D9877
2014-07-10 16:20:40 -07:00
epriestley
4e77984644 Modernize "legalpad" typeahead datasource
Summary: Ref T4420. Modernize legalpad.

Test Plan:
  - Used typeahead in Herald rules.
  - Used typeahead in Policy dialog.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4420

Differential Revision: https://secure.phabricator.com/D9876
2014-07-10 16:18:48 -07:00
epriestley
a2caea13d6 Modernize "macro" typeahead datasource
Summary: Ref T4420. Make this modern.

Test Plan:
  - Used typeahead in remarkup comment area to select macro "derpdog".

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4420

Differential Revision: https://secure.phabricator.com/D9875
2014-07-10 16:18:15 -07:00
epriestley
34628002fd Modernize "repositories" typeahead datasource
Summary:
Ref T4420.

  - Allow tokenizers to accept either a `Datasource` object (new style) or a URI (old style).
  - Read URI and placeholder text from object, if available.
  - Swap the "repositories" datasource (which seemed like the simplest one) over to the new stuff.
  - Tweak/update the repo tokens a little bit.

Test Plan:
  - Used tokenizer in Herald, Differential (search), Differential (edit), Push Logs.
  - Grepped for other callsites.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4420

Differential Revision: https://secure.phabricator.com/D9874
2014-07-10 16:18:04 -07:00
Bob Trahan
e281c5ee90 Security - disable conduit act as user by default
Summary: Introduce a new configuration setting that by default disables the conduit as as user method. Wordily explain that turning it on is not recommended. Fixes T3818.

Test Plan:
```
15:25:19 ~/Dropbox/code/phalanx/src/applications/conduit (T3818)
~>  echo '{}' | arc call-conduit --conduit-uri http://phalanx.dev/ user.whoami
Waiting for JSON parameters on stdin...
{"error":null,"errorMessage":null,"response":{"phid":"PHID-USER-tghb3b2gbdyezdcuw2or","userName":"btrahan","realName":"Bob Trahan","image":"http:\/\/phalanx.dev\/file\/data\/yncjbh7phk7ktrdhuorn\/PHID-FILE-qyf4ui3x2ll3e52hpg5e\/profile-profile-gravatar","uri":"http:\/\/phalanx.dev\/p\/btrahan\/","roles":["admin","verified","approved","activated"]}}
15:25:34 ~/Dropbox/code/phalanx/src/applications/conduit (T3818)

<go edit libconfig/conduitclient to spoof another user...>

~>  echo '{}' | arc call-conduit --conduit-uri http://phalanx.dev/ user.whoami
Waiting for JSON parameters on stdin...
{"error":"ERR-CONDUIT-CORE","errorMessage":"ERR-CONDUIT-CORE: security.allow-conduit-act-as-user is disabled","response":null}
15:26:40 ~/Dropbox/code/phalanx/src/applications/conduit (T3818)

<enable option via bin/config....>

~>  echo '{}' | arc call-conduit --conduit-uri http://phalanx.dev/ user.whoami
Waiting for JSON parameters on stdin...
{"error":null,"errorMessage":null,"response":{"phid":"PHID-USER-6lcglnzbkiamdofishgi","userName":"xerxes","realName":"Xerxes Trahan","image":"http:\/\/phalanx.dev\/file\/data\/n2kyeevowetcuynbcxrg\/PHID-FILE-voquikectzpde256zzvm\/profile-1275455993.jpg","uri":"http:\/\/phalanx.dev\/p\/xerxes\/","roles":["verified","approved","activated"]}}
```

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: jevripio, sowedance, epriestley, Korvin

Maniphest Tasks: T3818

Differential Revision: https://secure.phabricator.com/D9881
2014-07-10 15:43:53 -07:00
epriestley
fae23e0860 Make column reordering after edits on workboards more general
Summary:
Ref T5476. Currently, the task edit code assumes it knows what the UI looks like and sends back where on the column an item should be inserted.

This is buggy after adding filters, and relatively complex. Instead, send down the ordering on the whole column and sort it in the UI. This is a bit simpler overall and more general. It makes it easier to further generalize this code for T5476.

Test Plan:
  - Edited a task on a board, changing priority. Saw it reorder properly.
  - Edited a task on a board in a field of other tasks at the same top-level priority. Saw it refresh without reordering.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5476

Differential Revision: https://secure.phabricator.com/D9832
2014-07-10 10:19:03 -07:00
epriestley
3d804bf14d Fix some transaction issues when retitling projects
Summary:
Fixes T5530.

  - We currently fail if you rename a project so it has the same slug (e.g., "Example" -> "ExAmPlE").
  - We currently fail if you rename a project so one of its secondary hashtags becomes the primary hashtag.

Instead, succeed in these cases.

Test Plan: Successfully performed the renames described above.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5458, T5530

Differential Revision: https://secure.phabricator.com/D9829
2014-07-10 10:18:32 -07:00
epriestley
e46826ad36 Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.

External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.

Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.

However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).

Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:

  - Add `CAN_EDIT` on these objects.
  - Make that very restricted, but open up `CAN_VIEW`.
  - Require `CAN_EDIT` any time we're going to do something authentication/identity related.

This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.

I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.

Test Plan:
  - Viewed external accounts.
  - Linked an external account.
  - Refreshed an external account.
  - Edited profile picture.
  - Viewed sessions panel.
  - Published a bunch of stuff to Asana/JIRA.
  - Legalpad signature page now shows external accounts.

{F171595}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3732, T1205, T3116

Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 10:18:10 -07:00
epriestley
02c3200867 Respond more gracefully when a git push deletes a nonexistent ref
Summary:
Fixes T5534. If you `git push origin :refs/tags/doesnotexist` (for some non-existing tag), we get a change where both the old and new refs are empty.

We incorrectly call this an "add", because the old ref is empty. Instead, call this a "delete", but skip the logic which would normally mark it dangerous.

(Possibly we should just reject these outright, but Git allows them, so stick with that for now.)

Test Plan:
Pushed nonexistent refs:

```
  $ git push origin :refs/tags/doesnotexist
  remote: warning: Allowing deletion of corrupt ref.
  To ssh://dweller@localhost/diffusion/POEMS/
   - [deleted]         doesnotexist
  $
```

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5534

Differential Revision: https://secure.phabricator.com/D9800
2014-07-10 10:17:17 -07:00
epriestley
16648c28bc Add GROUP BY to commit query
Summary:
Ref T4715. Some minor stuff I caught locally while poking around:

  - Since we don't `GROUP BY`, we can still get duplicate commits. These get silently de-duplicated by `loadAllFromArray()` because that returns an array keyed by `id`, but we fetch too much data and this can cause us to execute too many queries to fill pages. Instead, `GROUP BY` if we joined the audit table.
  - After adding `GROUP BY`, getting the audit IDs out of the query is no longer reliable. Instead, query audits by the commit PHIDs. This is approximately equiavlent.
  - Since we always `JOIN`, we currently never return commits that don't have any audits. If we don't know that all results will have an audit, just `LEFT JOIN`.
  - Add some `!== null` to catch the `withIDs(array())` issue that we hit with Khan Academy a little while ago.

Test Plan:
  - Verified that "All Commits" shows commits with no audits of any kind.
  - Verified that the raw data comes out of the query without duplicates.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5433, T4715

Differential Revision: https://secure.phabricator.com/D8879
2014-07-10 10:16:26 -07:00
epriestley
d83bf5ea06 After a file upload, take the user to the info page, not the view page
Summary: Fixes T5588. If you upload an image, we currently take you to the image URL, but this makes it hard to figure out the monogram for use elsewhere.

Test Plan: Uploaded a file and was taken to the info page.

Reviewers: joshuaspence

Reviewed By: joshuaspence

Subscribers: epriestley

Maniphest Tasks: T5588

Differential Revision: https://secure.phabricator.com/D9872
2014-07-10 06:39:23 -07:00